Securing WinRM over HTTPS [Windows Server 2019] NEW SITE: #configure-winrm-over-https I (tobor), cover how to configure WinRM over HTTPS in an Windows environment using Group Policy on Windows Server 2019 domain environment consisting of a Domain Controller and a Certificate Authority. If you like what you see please Subscribe! 0:00 Intro Summary 0:52 BTPS SecPack policy settings that will be covered 1:00 Create a group policy 1:21 Assign Group Policy to OU 1:30 Edit Group Policy settings 1:47 Security Filtering permissions on GPO policy 2:05 Delegation permission on GPO Policy 2:18 Policy Setting Services WinRM 3:00 Permissions required to start a service using "Log on as service" 3:41 Recovery Tab on Services 3:54 Policy Setting Create Registry Value 5:22 Policy Setting Network Connections for WMI (optional) 6:04 Policy Setting Allow inbound remote administration exception (optional) 6:24 Policy Setting Allow ICMP Exceptions (optional) 6:41 Policy Setting Credential Delegation 6:52 CredSSP Summary Example Windows Admin Center 7:23 Policy Setting Encryption Oracle Remediation 7:52 Policy Setting Allow Delegate Fresh Credentials 9:08 Policy Setting Allow Delegate Fresh Credentials using NTLM-only Server Authentication 9:30 Windows Components Remote Management 9:58 Policy Setting WinRM Client 12:30 Policy Setting Trusted Hosts 13:07 Policy Setting WinRM Service 13:21 Policy Setting Allow Remote Server Management with WinRM 15:17 Policy Setting Disallow WinRM from storing runas credentials 15:51 Turn on Compatibility HTTP/HTTPS Listener 16:35 Create WinRM SSL Certificate Template 17:02 Duplicate Web Server Cert Template 17:10 Compatability Tab 17:25 General Tab 17:40 Request Handling Tab 18:12 Cryptography Tab 18:27 Security Tab 19:09 Subject Name Tab 20:11 DC Replication to access new template quicker 20:41 Sites and Services 20:52 Force Replication 21:10 Local Computer Cert Manager 21:19 Request New Certificate for WinRM 21:51 Enumerate WinRM cert used with port 5986 22:07 Change Listener Certificate for WinRM 22:20 Delete current certificate associated with port 5986 22:45 Assign certificate to WinRM over HTTPS 24:00 Verify cert assigned to port 24:20 BTPS Secpack command reference 24:39 If incorrect CN name on cert is set, this happens 25:32 Loopback listener is not configured for WinRM service to attach to on my instance 26:00 Invoke-Command Example using WinRM over HTTPS 26:25 WinRM port 5985 is disabled in my instance View my Verified Certifications! Follow us on GitHub! Official Site Give Respect on HackTheBox! Like us on Facebook! View PS Gallery Modules! The . Security Package